EVERYTHING ABOUT TOTP

pranksterguru
TOTP authentication is not a big deal if you know enough about it. It is just another authentication system, one that creates a password for you every 30 seconds based on your computer time.

How to keep the TOTP forever
  1. Before you enable the TOTP in Google Authenticator, take a photo of the QR code. It can be used later if you change your phone or when you reset your phone.
  2. Click on the small link below the QR image which says 'copy the key' (you can also use a QR reader) and save it somewhere safe. In Google Authenticator, select the option which says 'enter code manually' and enter it. You can even have the same code on as many devices as possible.

It is even simpler programmatically
Take a note of the key by clicking on the link below the QR image and send it as a parameter to the Java code below. I am waiting for a new code to be generated just to be sure it doesn't expire while making the connection with Zerodha.
Maven dependencies:

    <dependency>
        <groupId>de.taimos</groupId>
        <artifactId>totp</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.10</version>
    </dependency>

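    import org.apache.commons.codec.binary.Base32;
    import org.apache.commons.codec.binary.Hex;
    import de.taimos.totp.TOTP;

    // 'totp' is the Base32 key copied from below the QR image; 'log' is the enclosing class's logger
    private String getTotp(String totp) throws Exception {
        try {
            // The library takes the key as a hex string: Base32 -> bytes -> hex
            Base32 base32 = new Base32();
            byte[] bytes = base32.decode(totp);
            String hexKey = Hex.encodeHexString(bytes);
            String previousKey = TOTP.getOTP(hexKey);

            // Poll once a second until the code rolls over, so the returned code is fresh
            String currentKey = previousKey;
            while (previousKey.equals(currentKey)) {
                Thread.sleep(1000);
                currentKey = TOTP.getOTP(hexKey);
                log.info("sleeping for a second to wait for next key . current is : " + currentKey);
            }
            System.out.println("The new key is :" + currentKey);

            // Return the same value that was just printed instead of computing it again
            return currentKey;
        } catch (Exception e) {
            log.error("Exception occurred --> ", e);
            throw e;
        }
    }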


How to enable TOTP in Zerodha is clearly explained by them here.
https://support.zerodha.com/category/your-zerodha-account/login-credentials/login-credentials-of-trading-platforms/articles/time-based-otp-setup
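
The post above generates codes on the client side; the sketch below shows the matching server-side check, as an added example that is not code from the original post or from Zerodha. It assumes the RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second step) and a tolerance of one step either side; the class name `TotpVerifier` and its fields are hypothetical. A Base32 key such as the one copied from the QR page would first be decoded to bytes, as the post does with `Base32`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class TotpVerifier {
    static final int STEP_SECONDS = 30;   // the 30-second period the post mentions
    static final int WINDOW = 1;          // assumed tolerance: one step of clock drift
    private long lastAcceptedStep = -1;   // per-account state in a real service

    // RFC 6238 code for one time step: HMAC-SHA1 of the counter, truncated to 6 digits.
    static String codeFor(byte[] secret, long step) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(step).array());
        int off = h[h.length - 1] & 0x0f;  // dynamic truncation offset (RFC 4226)
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    // Accept a code only for a step inside the window that has not been used yet.
    synchronized boolean verify(byte[] secret, String submitted, long unixSeconds)
            throws Exception {
        long now = unixSeconds / STEP_SECONDS;
        byte[] given = submitted.getBytes(StandardCharsets.US_ASCII);
        for (long step = now - WINDOW; step <= now + WINDOW; step++) {
            byte[] expected = codeFor(secret, step).getBytes(StandardCharsets.US_ASCII);
            // MessageDigest.isEqual compares the two codes in constant time
            if (MessageDigest.isEqual(expected, given) && step > lastAcceptedStep) {
                lastAcceptedStep = step;   // this step and older ones are now spent
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the published RFC 6238 test secret, not a real key.
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        TotpVerifier verifier = new TotpVerifier();
        String code = codeFor(secret, 59 / STEP_SECONDS);
        System.out.println("code for t=59s:           " + code);
        System.out.println("first use at t=59s:       " + verifier.verify(secret, code, 59));
        System.out.println("same code again at t=61s: " + verifier.verify(secret, code, 61));
        System.out.println("same code at t=200s:      " + verifier.verify(secret, code, 200));
    }
}
```

The three `verify` calls cover a first use inside the window, a replay of the same code, and a code presented after its window has passed.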


  • Ramkrishna
    Ya man, anybody who has any programming background and has the secret key will be able to generate the TOTP on the fly. So what's the security in that? It is clear that SEBI has little technical knowledge on this if they originally proposed TOTP. So sad that in India people without a technical background are still making such decisions.
  • Leenaa
    Leenaa edited March 2023
    Hi guys
    Thank you pranksterguru for explaining :)